Cybercriminals exposed more than 5 billion records in 2019, costing US organizations over $1.2 trillion, according to a new report. Healthcare was the most targeted industry last year and remains an active target in 2020, accounting for 51% of incidents in Q1 – likely fueled by the COVID-19 pandemic.
Researchers are noticing a sharp increase in costs related to data breaches. While the 2.8 billion records exposed in 2018 cost organizations more than $654 billion, the over 5 billion records exposed in 2019 cost $1.2 trillion. This lifts the total cost from data breaches to over $1.8 trillion in two years, according to digital identity firm ForgeRock.
Breaches have increased dramatically, both in actual numbers and costs, with healthcare emerging as the most targeted industry in 2019, accounting for 382 breaches and over $2.45 billion in costs. Medical records were the most sought-after type of PII in Q1 2020, accounting for 25% of all exposed data. These findings are consistent with other reports tracking attacks on healthcare institutions.
A CBC Canada report revealed this week that medical records can fetch up to $200 on the dark web as they give malicious actors immense leverage in fraud campaigns. One expert cited in the CBC piece opined that healthcare in Canada is 20 years behind banks when it comes to cyber-hygiene. ForgeRock researchers further note that technology firms had the highest number of records compromised by breaches, with over 1.37 billion exposed.
According to the report, unauthorized access was the most common attack vector used in 2019, responsible for 40% of breaches, followed by ransomware and malware at 15% and phishing at 14%.
Personally identifiable information (PII) as defined by new legislature (i.e. GDPR) remained the most targeted data by attackers and was exposed in 98% of 2019 breaches, up from 97% in 2018.
“By targeting PII and leveraging unauthorized access, cybercriminals highlight how weaknesses in enterprises’ identity and access management practices increasingly allow for greater volumes and more sensitive types of data to be pilfered,” researchers stressed.
Banking/insurance/financial came second after healthcare, accounting for 12% of all breaches. Education followed, at 7%, then government and retail, each with a 5% share.
Researchers say 2020 is set to outpace last year in terms of records breached, even though the number of individual incidents has dropped by 57%. And healthcare breaches will likely dominate, driven by fraudulent COVID-19 campaigns geared towards medical institutions and unwary members of the public.
Bitdefender’s own researchers in Q1 2020 found that the number of global cyberattacks targeting hospitals in March increased by almost 60% from February. According to our data over the past 12 months, this marked the highest spike in our global evolution of cyberattacks detected at hospitals.